Claude Code MCP Traffic Hijacked to Steal OAuth Tokens
Severity: High (Score: 68.0)
Sources: Gbhackers, Cybersecuritynews
Keywords: claude, code, traffic, hijack, oauth, tokens, hackers
Summary
A new man-in-the-middle (MitM) attack has been identified targeting Anthropic's Claude Code ecosystem. Threat actors exploit weaknesses in how Model Context Protocol (MCP) traffic is handled to intercept OAuth authentication tokens, gaining unauthorized access to enterprise SaaS platforms such as Jira, Confluence, and GitHub. Researchers from Mitiga Labs have detailed a five-step attack chain that redirects MCP traffic through attacker-controlled infrastructure. The attack leverages weak protections on the local Claude Code configuration file, ~/.claude.json. As of now, Anthropic has released no patch for this issue. Organizations using Claude Code are at risk of unauthorized access and data breaches; the attack is significant because of how much sensitive enterprise data a stolen token can reach.

Key Points:
- Hackers exploit Claude Code MCP traffic to hijack OAuth tokens.
- The attack allows unauthorized access to major SaaS platforms like Jira and GitHub.
- No patch has been released by Anthropic to address this vulnerability.
Detailed Analysis
**Impact**
Enterprises using Anthropic's Claude Code platform are affected, particularly those integrating OAuth-authenticated SaaS platforms such as Jira, Confluence, and GitHub. The attack enables adversaries to steal OAuth bearer tokens, granting persistent and broad access to enterprise SaaS resources. No specific numbers, sectors, or geographic details are provided in the sources.

**Technical Details**
The attack is a man-in-the-middle (MitM) chain that hijacks Model Context Protocol (MCP) traffic by redirecting it through attacker-controlled infrastructure. It exploits weak protections around the local Claude Code configuration file (~/.claude.json) to intercept OAuth tokens. The attack involves five steps, beginning with unauthorized access to the local configuration and ending with token theft and persistence. No CVEs or malware names are mentioned.

**Recommended Response**
No patches from Anthropic are currently available. Defenders should immediately monitor MCP traffic for unauthorized redirections and anomalous OAuth token usage. Harden local file permissions on ~/.claude.json to restrict unauthorized access. Implement network-level controls to detect and block suspicious MCP traffic routing.
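As an added example (not code from the source articles, Mitiga Labs, or Anthropic), the following audit script covers the two local hardening points above: it checks the permission bits on ~/.claude.json and flags remote MCP endpoints that use plaintext HTTP, point at an IP literal, or are not on a caller-supplied allowlist. It assumes that user-scope MCP servers are listed under a top-level "mcpServers" key and that remote ones carry a "url" field; "mcp.example.com" in the usage note is a constructed placeholder.

```python
import json
import os
import stat
from ipaddress import ip_address
from urllib.parse import urlparse

def permission_findings(mode: int) -> list[str]:
    """Flag group/other bits; the file holds MCP endpoints and tokens, so 0600 is the target."""
    findings = []
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("config readable by group/others")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("config writable by group/others (MCP endpoints can be rewritten)")
    return findings

def _parse_ip(host: str):
    try:
        return ip_address(host)
    except ValueError:
        return None  # a DNS name, not an IP literal

def endpoint_findings(config: dict, allowed_hosts: set[str]) -> list[str]:
    """Flag remote MCP servers that are plaintext, IP-literal, or off the allowlist."""
    findings = []
    # Assumption: user-scope servers sit under "mcpServers"; remote ones carry a "url".
    for name, server in config.get("mcpServers", {}).items():
        url = server.get("url")
        if not url:
            continue  # stdio-transport server: no network endpoint to redirect
        parsed = urlparse(url)
        host = parsed.hostname or ""
        ip = _parse_ip(host)
        if host == "localhost" or (ip is not None and ip.is_loopback):
            continue  # local servers are outside the on-path redirection scenario
        if parsed.scheme != "https":
            findings.append(f"{name}: non-TLS scheme {parsed.scheme!r} in {url}")
        if ip is not None:
            findings.append(f"{name}: IP-literal endpoint {host}")
        elif host not in allowed_hosts:
            findings.append(f"{name}: host {host!r} not on allowlist")
    return findings

def audit_config(path: str, allowed_hosts: set[str]) -> list[str]:
    """Run both checks against a config file on disk; an empty list means clean."""
    mode = os.stat(path).st_mode
    with open(path, encoding="utf-8") as fh:
        config = json.load(fh)
    return permission_findings(mode) + endpoint_findings(config, allowed_hosts)
```

Run it with `audit_config(os.path.expanduser("~/.claude.json"), {"mcp.example.com"})`, replacing the placeholder with the hosts your organization actually sanctions; any returned line is worth an alert, and a writable-by-others finding deserves the same priority as a rogue endpoint, since a rewritable config is what lets the endpoints be changed in the first place.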
Source articles (2)
- Hackers Can Hijack Claude Code MCP Traffic to Steal OAuth Tokens — Cybersecuritynews · 2026-06-08
  A five-step attack chain that silently redirects Claude Code's Model Context Protocol (MCP) traffic through attacker-controlled infrastructure, intercepting OAuth bearer tokens that grant persistent,…
- Hackers Exploit Claude Code MCP Traffic to Hijack OAuth Authentication Tokens — Gbhackers · 2026-06-08
  Threat researchers have uncovered a novel man-in-the-middle (MitM) attack chain targeting Anthropic's Claude Code ecosystem, where adversaries hijack Model Context Protocol (MCP) traffic to steal OAut…
Timeline
- 2026-06-08 — Mitiga Labs reveals new attack method: Researchers detailed a five-step MitM attack targeting Claude Code's MCP traffic to steal OAuth tokens.
- 2026-06-08 — Attack method demonstrated: The attack chain was demonstrated by Mitiga Labs, showing how traffic is redirected through attacker-controlled infrastructure.
- 2026-06-08 — No patch available from Anthropic: As of the latest reports, Anthropic has not released any patches to mitigate the identified vulnerabilities.
Related entities
- Man-in-the-Middle (Attack Type)
- Anthropic (Company)
- Claude Code (Tool)
- Confluence (Platform)
- GitHub (Platform)
- JIRA (Platform)